Network Security Computer Networking: A Top Down Approach , 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009. Chapter 8: Network Security Chapter goals: ❒  understand principles of network security: ❍  cryptography and its many uses beyond “confidentiality” ❍  authentication ❍  message integrity ❒  security in practice: ❍  firewalls and intrusion detection systems ❍  security in application, transport, network, link layers Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS What is network security? Confidentiality: only sender, intended receiver should “understand” message contents ❍  sender encrypts message ❍  receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and availability: services must be accessible and available to users Friends and enemies: Alice, Bob, Trudy ❒  well-known in network security world ❒  Bob, Alice (lovers!) want to communicate “securely” ❒  Trudy (intruder) may intercept, delete, add messages secure sender secure receiver channel data, control messages data data Alice Bob Trudy Who might Bob, Alice be? ❒  … well, real-life Bobs and Alices! ❒  Web browser/server for electronic transactions (e.g., on-line purchases) ❒  on-line banking client/server ❒  DNS servers ❒  routers exchanging routing table updates ❒  other examples? There are bad guys (and girls) out there! Q: What can a “bad guy” do? ❍  eavesdrop: intercept messages ❍  actively insert messages into connection ❍  impersonation: can fake (spoof) source address in packet (or any field in packet) ❍  hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place ❍  denial of service : prevent service from being used by others (e.g., by overloading resources) Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS 9 The language of cryptography m plaintext message K A (m) ciphertext, encrypted with key K A m = K B (K A (m)) plaintext plaintext ciphertext K A encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B 10 Simple encryption scheme substitution cipher: substituting one thing for another ❍  monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Key: the mapping from the set of 26 letters to the set of 26 letters [...]... Two approaches: ❍  ❍  Search through all keys: must be able to differentiate resulting plaintext from gibberish Statistical analysis ❒  Known-plaintext attack: trudy has some plaintext corresponding to some ciphertext ❍  eg, in monoalphabetic cipher, trudy determines pairings for a, l,i,c,e,b,o, ❒  Chosen-plaintext attack: trudy can get the cyphertext for some chosen plaintext 12 Types of Cryptography... Bob and Alice share same (symmetric) key: K S ❒  e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? 14 Two types of symmetric ciphers ❒  Stream ciphers ❍  encrypt one bit at time ❒  Block ciphers ❍  Break plaintext message in equal-size blocks ❍  Encrypt each block as a unit 15 Stream Ciphers pseudo random key keystream generator... many possible mappings are there for k=3? ❍  How many 3-bit inputs? ❍  How many permutations of the 3-bit inputs? ❍  Answer: 40,320 ; not very many! ❒  In general, 2k! mappings; huge for k=64 ❒  Problem: ❍  Table approach requires table with 264 entries, each entry with 64 bits ❒  Table too big: instead use function that simulates a randomly permuted table 19 From Kaufman et al Prototype function 64-bit...Polyalphabetic encryption ❒  n monoalphabetic cyphers, M1,M2,…,Mn ❒  Cycling pattern: ❍  e.g., n=4, M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ❒  For each new plaintext symbol, use subsequent monoalphabetic pattern in cyclic pattern ❍  dog: d from M1, o from M3, g from M4 ❒  Key: the n ciphers and the cyclic pattern 11 Breaking an encryption scheme ❒  Cipher-text only attack: Trudy has ciphertext that she can analyze... keys (actually encrypt, decrypt, encrypt) 25 Symmetric key crypto: DES DES operation initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation 26 AES: Advanced Encryption Standard ❒  new (Nov 2001) symmetric-key NIST standard, replacing DES ❒  processes data in 128 bit blocks ❒  128, 192, or 256 bit keys ❒  brute force decryption (try each... modular arithmetic ❒  x mod n = remainder of x when divide by n ❒  Facts: [ (a mod n) + (b mod n)] mod n = (a+ b) mod n [ (a mod n) - (b mod n)] mod n = (a- b) mod n [ (a mod n) * (b mod n)] mod n = (a* b) mod n ❒  Thus (a mod n)d mod n = ad mod n ❒  Example: x=14, n=10, d=2: (x mod n)d mod n = 42 mod 10 = 6 xd = 142 = 196 xd mod 10 = 6 31 RSA: getting ready ❒  A message is a bit pattern ❒  A bit pattern can... just break message in 64-bit blocks, encrypt each block separately? ❍  If same block of plaintext appears twice, will give same cyphertext ❒  How about: ❍  Generate random 64-bit number r(i) for each plaintext block m(i) ❍  Calculate c(i) = KS( m(i) ⊕ r(i) ) ❍  Transmit c(i), r(i), i=1,2,… ❍  At receiver: m(i) = KS(c(i)) ⊕ r(i) ❍  Problem: inefficient, need to send c(i) and r(i) 22 Cipher Block Chaining... key) taking 1 sec on DES, takes 149 trillion years for AES 27 Public Key Cryptography symmetric key crypto ❒  requires sender, receiver know shared secret key ❒  Q: how to agree on key in first place (particularly if never “met”)? public key cryptography ❒  radically different approach [DiffieHellman76, RSA78] ❒  sender, receiver do not share secret key ❒  public encryption key known to all ❒  private... block cipher c(i) = “k329aM02” = “k329aM02” Symmetric key crypto: DES DES: Data Encryption Standard ❒  US encryption standard [NIST 1993] ❒  56-bit symmetric key, 64-bit plaintext input ❒  Block cipher with cipher block chaining ❒  How secure is DES? ❍  DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day ❍  No known good analytic attack ❒  making DES more secure: ❍ ... intermediate Loop for n rounds 8-bit to 8-bit mapping 64-bit output 20 Why rounds in prototype? ❒  If only a single round, then one bit of input affects at most 8 bits of output ❒  In 2nd round, the 8 affected bits get scattered and inputted into multiple substitution boxes ❒  How many rounds? ❍  How many times do you need to shuffle cards ❍  Becomes less efficient as n increases 21 Encrypting a large message . attack: Trudy has ciphertext that she can analyze ❒  Two approaches: ❍  Search through all keys: must be able to differentiate resulting plaintext from gibberish ❍  Statistical analysis. to ensure message not altered (in transit, or afterwards) without detection Access and availability: services must be accessible and available to users Friends and enemies: Alice, Bob, Trudy. exchanging routing table updates ❒  other examples? There are bad guys (and girls) out there! Q: What can a “bad guy” do? ❍  eavesdrop: intercept messages ❍  actively insert messages